Changes

Line 31: Line 31:  
==Work Product==
 
==Work Product==
 
The Final Report indicated that [[ICANN Organization]] can improve the security of the [[DNS]] directly, through funded research and education, and indirectly through partnerships, community collaboration, and [[Contractual Compliance|contractual controls]] and offered 12 recommendations:<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, ICANN Community]</ref>
 
The Final Report indicated that [[ICANN Organization]] can improve the security of the [[DNS]] directly, through funded research and education, and indirectly through partnerships, community collaboration, and [[Contractual Compliance|contractual controls]] and offered 12 recommendations:<ref>[https://community.icann.org/display/DSFI/DSFI+TSG+Final+Report?preview=/176623416/176623417/DSFI-TSG-Final-Report.pdf DSFI-TSG Final Report, ICANN Community]</ref>
# Develop a Tabletop Exercise Program
+
# Develop a Tabletop Exercise Program to exercise incident-response procedures and identify operational gaps for services provided by registries and registrars and facilitate closing them
# Continue Existing Work on [[DNS Abuse]]  
+
# Continue developing the definitions of [[DNS Abuse]] and support the security and research communities in identifying and mitigating DNS abuse via SME research funding
 
# Investigate DNS Security Enhancements  
 
# Investigate DNS Security Enhancements  
 
# Investigate Best Practices for Authentication
 
# Investigate Best Practices for Authentication
 
# Empower [[CPH|Contracted Parties]] to adopt security enhancements to the domain registration systems and authoritative name services  
 
# Empower [[CPH|Contracted Parties]] to adopt security enhancements to the domain registration systems and authoritative name services  
# Bug Bounty Program Feasibility Funding  
+
# OFfer Bug Bounty Program Feasibility Funding  
 
# Educate DNS stakeholders to make available the appropriate standards-based authentication mechanisms for all interactions  
 
# Educate DNS stakeholders to make available the appropriate standards-based authentication mechanisms for all interactions  
 
# Improve documentation and understanding of Registry Lock features and promote their use; explain the differences between Registry and Registrar Lock to registrants; facilitate the standardization of minimum requirements for Registry and Registrar Lock services
 
# Improve documentation and understanding of Registry Lock features and promote their use; explain the differences between Registry and Registrar Lock to registrants; facilitate the standardization of minimum requirements for Registry and Registrar Lock services
 
# Raise Awareness of Best Practices for [[ICANN Terms#Infrastructure|Infrastructure]] Security by participating in initiatives such as [[MANRS]] and [[KINDNS]] and promoting the adoption of [[DMARC]], [[SPF]], [[TLSA]], [[DANE]], and [[DNSSEC]]
 
# Raise Awareness of Best Practices for [[ICANN Terms#Infrastructure|Infrastructure]] Security by participating in initiatives such as [[MANRS]] and [[KINDNS]] and promoting the adoption of [[DMARC]], [[SPF]], [[TLSA]], [[DANE]], and [[DNSSEC]]
 
# Help the [[ICANN Community]], contracted parties, and others understand the risks and benefits of DNS [[RBL|Blocking]] and filtering for [[SSR|security and stability reasons]], best practices, tooling for DNS interdependencies to avoid large-scale collateral damage, using the Public Suffix List ([[PSL]]), sharing lists to avoid overblocking, and general reputation hygiene
 
# Help the [[ICANN Community]], contracted parties, and others understand the risks and benefits of DNS [[RBL|Blocking]] and filtering for [[SSR|security and stability reasons]], best practices, tooling for DNS interdependencies to avoid large-scale collateral damage, using the Public Suffix List ([[PSL]]), sharing lists to avoid overblocking, and general reputation hygiene
# Incident Responses
+
# Develop and deploy a formalized incident-response process across the DNS industry that allows for interaction with others in the ecosystem
 
# Raise Covert Channel Awareness
 
# Raise Covert Channel Awareness
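Review bot: The rewritten bug bounty item has a capitalization typo, "OFfer Bug Bounty Program Feasibility Funding"; it should read "Offer". In the expanded DNS Abuse item, "SME" is introduced without being spelled out, and in the tabletop item the trailing "and facilitate closing them" is hard to attach to "operational gaps"; something like "and help close those gaps" would read more clearly. The edited items are now full sentences while unchanged items such as "Investigate DNS Security Enhancements" and "Raise Covert Channel Awareness" remain short titles, so the list mixes two styles; consider expanding those as well or keeping all twelve as titles.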
  